Cisco Systems Servers Manuale Utente
Chapter 1 Overview of Cisco Secure ACS
AAA Server Functions and Concepts
1-10
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Passwords
Cisco Secure ACS supports many common password protocols:
•
ASCII/PAP
•
CHAP
•
MS-CHAP
•
LEAP
•
EAP-CHAP
•
EAP-TLS
•
ARAP
Passwords can be processed using these password authentication protocols based
on the version and type of security control protocol used (for example, RADIUS
or TACACS+) and the configuration of the AAA client and end-user client. The
following sections outline the different conditions and functions of password
handling.
on the version and type of security control protocol used (for example, RADIUS
or TACACS+) and the configuration of the AAA client and end-user client. The
following sections outline the different conditions and functions of password
handling.
In the case of token servers, Cisco Secure ACS acts as a client to the token server,
either using its proprietary API or its RADIUS interface, depending on the token
server. For more information, see the
either using its proprietary API or its RADIUS interface, depending on the token
server. For more information, see the
.
Different levels of security can be concurrently used with Cisco Secure ACS for
different requirements. The basic user-to-network security level is PAP. Although
it represents the unencrypted security, PAP does offer convenience and simplicity
for the client. PAP allows authentication against the Windows NT/2000 database.
With this configuration, users need to log in only once. CHAP allows a higher
level of security for encrypting passwords when communicating from an end-user
client to the AAA client. You can use CHAP with the CiscoSecure user database.
ARAP support is included to support Apple clients.
different requirements. The basic user-to-network security level is PAP. Although
it represents the unencrypted security, PAP does offer convenience and simplicity
for the client. PAP allows authentication against the Windows NT/2000 database.
With this configuration, users need to log in only once. CHAP allows a higher
level of security for encrypting passwords when communicating from an end-user
client to the AAA client. You can use CHAP with the CiscoSecure user database.
ARAP support is included to support Apple clients.